Multiframe algorithm addresses image integrity

Most schemes that address medical image integrity and authenticity deal only with single frame images and lack satisfactory solutions for multiframe modalities. Recent work in Brazil achieves viable integrity of n-frame medical images, such as x-ray angiography or intravascular ultrasound.

"We offer a way for the physician to know whether the image seen is indeed what should be seen," said Dr. Luiz O. M. Kobayashi of the Heart Institute (InCor), Hospital das Clínicas da Faculdade de Medicina da Universidade de São Paulo.

Since it is so easy to manipulate digital images with convincing results, radiologists or clinicians opening a medical image have no way of knowing whether someone has meddled with the image, removing or adding critical information to mislead diagnosis, treatment, research, or insurance claims, Kobayashi said.

He proposes adding the use of headers and watermarking alternatives to existing integrity solutions, with a specific approach to multiframe DICOM images.

"Until now, most integrity solutions, particularly watermarking, focused on single frame images," he said. "We address the multiframe issue."

The Brazilian algorithm uses data encryption and digital signature to protect image integrity and authenticity. Relevant header data and digital signature are used as inputs to cipher the image, Kobayashi said.

"One can retrieve the original data if and only if the images and the inputs are exact," he said.

The encryption process itself is a cascading scheme, in which each frame is ciphered with data related to previous frames, generating additional data on image integrity, Kobayashi said.

"The cascading approach means that there are different and unique 'nonces,' or random seeds, to cipher each frame, so that it is harder to decrypt without the correct key," he said.

This approach also allows an immediate visual detection of adulteration, which no previous work has provided. Tampered images are simply presented as noise.

"The fact that physicians can actually see something meaningful, as opposed to noise, is evidence that the image has not been modified or degraded," Kobayashi said.

The proposed solution provides a higher security level than the standard digital signature approach defined in DICOM Part 15. The bond between the signature and the pixel data is stronger, making it harder to tamper with the data, according to Kobayashi.

"The slightest change in the signature or the data is detected, providing evidence of adulteration," he said.